Lucene search
Gentoo Security Advisory GLSA 200404-17 (ipsec-utils)
🗓️ 24 Sep 2008 00:00:00Reported by Copyright (C) 2008 E-Soft Inc.Type 
openvas🔗 plugins.openvas.org👁 17 Views
Gentoo Security Advisory GLSA 200404-17 for ipsec-utils includes update to prevent Denial of Servic
Show more
| Reporter | Title | Published | Views | Family All 18 |
|---|---|---|---|---|
 | CVE-2004-0403 | 1 Jun 200404:00 | – | debiancve |
 | racoon remote denial of service vulnerability (ISAKMP header length field) | 31 Mar 200400:00 | – | freebsd |
 | CVE-2004-0403 | 16 Apr 200404:00 | – | cvelist |
 | GLSA-200404-17 : ipsec-tools and iputils contain a remote DoS vulnerability | 30 Aug 200400:00 | – | nessus |
| FreeBSD : racoon remote denial of service vulnerability (ISAKMP header length field) (ccd698df-8e20-11d8-90d1-0020ed76ef5a) | 13 Jul 200500:00 | – | nessus |
| Fedora Core 2 : ipsec-tools-0.2.5-2 (2004-132) | 23 Jul 200400:00 | – | nessus |
| Mandrake Linux Security Advisory : ipsec-tools (MDKSA-2004:069) | 31 Jul 200400:00 | – | nessus |
| RHEL 3 : ipsec-tools (RHSA-2004:165) | 6 Jul 200400:00 | – | nessus |
| Mac OS X Multiple Vulnerabilities (Security Update 2004-05-03) | 6 Jul 200400:00 | – | nessus |
 | CVE-2004-0403 | 1 Jun 200404:00 | – | nvd |
10
| Source | Link |
|---|---|
| securityfocus | www.securityfocus.com/bid/10172 |
| bugs | www.bugs.gentoo.org/show_bug.cgi |
| securityspace | www.securityspace.com/smysecure/catid.html |
# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.54556");
script_version("2023-07-19T05:05:15+0000");
script_tag(name:"last_modification", value:"2023-07-19 05:05:15 +0000 (Wed, 19 Jul 2023)");
script_tag(name:"creation_date", value:"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)");
script_cve_id("CVE-2004-0403");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_name("Gentoo Security Advisory GLSA 200404-17 (ipsec-utils)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2008 E-Soft Inc.");
script_family("Gentoo Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");
script_tag(name:"insight", value:"racoon, which is included in the ipsec-tools and iputils packages in
Portage, does not check the length of ISAKMP headers. Attackers may be
able to craft an ISAKMP header of sufficient length to consume all
available system resources, causing a Denial of Service.");
script_tag(name:"solution", value:"ipsec-tools users should upgrade to version 0.2.5 or later:
# emerge sync
# emerge -pv '>=net-firewall/ipsec-tools-0.3.1'
# emerge '>=net-firewall/ipsec-tools-0.3.1'
iputils users should upgrade to version 021109-r3 or later:
# emerge sync
# emerge -pv '>=net-misc/iputils-021109-r3'
# emerge '>=net-misc/iputils-021109-r3'");
script_xref(name:"URL", value:"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200404-17");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/10172");
script_xref(name:"URL", value:"http://bugs.gentoo.org/show_bug.cgi?id=48847");
script_tag(name:"summary", value:"The remote host is missing updates announced in
advisory GLSA 200404-17.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-gentoo.inc");
include("revisions-lib.inc");
res = "";
report = "";
report = "";
if ((res = ispkgvuln(pkg:"net-firewall/ipsec-tools", unaffected: make_list("ge 0.3.1"), vulnerable: make_list("lt 0.3.1"))) != NULL) {
report += res;
}
if ((res = ispkgvuln(pkg:"net-misc/iputils", unaffected: make_list("eq 021109-r3"), vulnerable: make_list("eq 021109-r1"))) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo24 Sep 2008 00:00Current
6.7Medium risk
Vulners AI Score6.7
CVSS25
EPSS0.13257